Privacy Policy

Last updated: April 5, 2026

1. Introduction

Welcome to Kinfoly ("we," "us," "our," or the "Service"). Kinfoly is an online platform available at https://kinfoly.com that allows users to build and manage family trees.

This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data. By using Kinfoly, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect your email address and password (stored in hashed form only; we never store or have access to your plaintext password).

If you register or sign in using Google OAuth, we may also receive your given name, family name, and profile picture URL from Google.

2.2 Profile Information

You may optionally provide your first name, last name, and a profile photo (avatar) in JPEG, PNG, GIF, or WebP format, up to 2 MB.

2.3 Genealogical Data

The core of Kinfoly is family tree data that you create, enter, and manage. This may include: names, sex, and photographs of family members; life events such as birth, death, marriage, burial, baptism, adoption, graduation, emigration, immigration, residence, occupation, military service, and other events; dates and places associated with those events; family relationships (partnerships, parent-child connections); genealogical sources and citations (titles, authors, publishers, URLs, notes); and GEDCOM files you upload for import.

Important: You are solely responsible for ensuring you have the right to enter, store, and share any personal data about third parties (including living or deceased family members) in your family tree. We do not verify, validate, or moderate the genealogical content you provide.

2.4 Technical and Session Data

When you log in or register, we automatically collect your IP address, browser User-Agent string (browser type, version, operating system), and session timestamps (creation and expiration). This data is used exclusively for session management and security purposes.

2.5 Feedback Data

If you voluntarily submit feedback through our Feedback form, we collect the category, subject, and description you provide. Your name and email (from your account) may be included with the submission for follow-up purposes.

3. How We Use Your Information

We use the information we collect to create and maintain your account, provide the family tree building and management service, authenticate your identity and manage sessions, process GEDCOM file imports and exports, respond to feedback and support inquiries, and maintain the security and integrity of the Service.

We do not use your data for advertising, profiling, automated decision-making, or selling to third parties.

4. Data Storage and Security

4.1 Where Your Data Is Stored

Your data is stored in a PostgreSQL database. Uploaded files (avatars and person photos) may be stored on our servers or on Cloudflare R2 cloud storage, depending on configuration.

4.2 Security Measures

We implement the following security measures: passwords are hashed using industry-standard algorithms (PBKDF2); session cookies are marked HttpOnly and Secure (when transmitted over HTTPS); HTTPS encryption is enforced for all connections; session keys are generated using cryptographically random identifiers.

4.3 No Guarantee of Security

While we take reasonable measures to protect your data, no method of electronic storage or transmission over the Internet is 100% secure. We cannot and do not guarantee the absolute security of your information. You use the Service and transmit data at your own risk.

5. Third-Party Services

5.1 Google OAuth (Optional)

If you choose to sign in with Google, your authentication is handled through Google's OAuth service. Google's own privacy policy governs how Google processes your data. We only receive and store the limited profile information described in Section 2.1.

5.2 Cloudflare R2

Uploaded files may be stored using Cloudflare R2 object storage. Cloudflare's privacy and data processing policies apply to data stored on their infrastructure.

5.3 GitHub (Feedback Only)

Feedback submissions may be forwarded to a private GitHub repository for issue tracking. GitHub's privacy policy applies to data stored on their platform.

We do not integrate any analytics services, advertising networks, or tracking pixels.

6. Data Sharing

We do not sell, rent, or trade your personal information to any third party. We may disclose your information only if required to do so by law, regulation, legal process, or governmental request.

7. Data Retention

Account data is retained for as long as your account exists. Session data expires automatically (8 hours for standard sessions, 30 days for "Remember Me" sessions) and may be deleted thereafter. Genealogical data (trees, persons, families, events, sources, citations) is retained until you delete it or delete your account. Uploaded files (photos) are deleted when the associated person or account is deleted.

8. Your Rights and Choices

You may access your data through the Service interface and API; export your family tree data at any time in GEDCOM format; update or correct your profile and genealogical data; delete your trees, persons, events, and other genealogical data; revoke active sessions from the Settings page; and delete your account — upon account deletion, all associated data will be permanently removed.

9. Children's Privacy

Kinfoly is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us so we can delete it.

10. International Users

Kinfoly is operated from and data may be processed in various jurisdictions. By using the Service, you consent to the transfer and processing of your data in jurisdictions that may have different data protection laws than your country of residence. We make no representations that the Service is appropriate or available for use in any particular jurisdiction.

11. Disclaimer of Responsibility for User Content

All genealogical data, family trees, person records, events, and uploaded files are created and managed entirely by users. We do not review, verify, moderate, or endorse any user-generated content. You are solely responsible for the accuracy, legality, and appropriateness of any data you enter into the Service, including data about third parties.

We are not responsible for any claims, disputes, or liabilities arising from the genealogical data you create or share.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

13. Contact

If you have any questions about this Privacy Policy, you may contact us at: [email protected]